|
Posted by on August 4, 2006, 3:03 pm
If you were Registered and logged in, you could reply and use other advanced thread options
yok.supersearch is not a trojan but adware and may be legit (but my
computer had none of the yok.* files listed in the Zone Alarm forum other
than the registry setting that Zone Alarm removed).
The Backdoor.Win32.mIRC.based trojan was a false positive that Zone Alarm
corrected with a future definition update.
Just great - Zone Alarm made me waste about 4 hours checking the net and
rerunning several anti-spyware programs plus an Avast bootscan and normal
start-up virus scan.
I almost did a Multi-AV scan, too!
>
>>
>>
>>| Will do. I just ran SuperAntispyware and asquared and so far all is
>>| clean.
>>| I'm going to run my trial version of Spy Sweeper (and use the
>>| requisite 99% of CPU power required by Spy Sweeper - LOL).
>>|
>>| The question is - is it better to run Anti-spyware programs to catch
>>| Trojans or AV programs? In addition, should I shut down my Avast
>>| shields when running anti-spyware programs and disconnect from the
>>| net if I'm not running them in safe mode?
>>|
>>
>> If you get infected -- both !
>>
>> Prevention is always better than cure.
>>
>
> Very interesting - these people in the Zone Alarm forums state the ZA
> Anti-Spyware found the same two trojans and there seems to be no info
> about them. Could they be false positives? I'll try to follow up if
> and when ZA ever responds. For a highly rated product, ZA moderators
> sure take their sweet time to respond (and many posts are never
> answered there):
>
>
> http://forum.zonelabs.org/zonelabs/board/mes
> sage?board.id=Antivirus&message.id=13092
>
>
> Win32.YOK.SuperSearch
> Park
> New Member
> Registered: 12-09-2005
>
>
>
>
> Situation: During my DAILY spyware scan, on 8/1/2006, ZoneAlarm
> detected
> Win32.YOK.SuperSearch
>
> which ZA said was a high risk trojan.
>
> Questions:
> 1) Am I now to assume that, during the many hours that I was online
> between my daily scans, a program which "enables user access to your
> entire computer and everything on it" could have **bleep**ed very
> important info from my computer &/or made other major changes to my
> system?
> 2) Where is any information that might aid me in finding out when and
> exactly how I acquired this spyware?
> 3) Why does Win32.YOK.SuperSearch not appear on the list in
> "SmartDefense Research Center/ Spyware Information" at
> http://smartdefense.zonelabs.com/tmpl/SpywareArticle?
> action=letterSearch&SPY_LETTER=w?
> 4) Why am I unable to find any detailed info at ZA about this program
> or any info at all about it at any other site (such as Spysweeper or
> Symantec/Norton)?
> 5) Last, but hardly least, how can I detect such nasties BEFORE they
> have a chance to mess with my computer?
>
> Thanks,
> Park
>
>
>
>
>
>
> http://forum.zonelabs.org/zonelabs/board/message?
> board.id=Antivirus&message.id=13100
>
>
> ZA Pro scans and picks this up:
> RegistryKey: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.cha
>
> *** Backdoor.Win32.mIRC.based ***
>
> Status "Quarantined" for now.
>
> The following great programs do not detect this:
> * Spybot Search and Destroy
> * Ad-Aware SE
> * AVG
> * ewido
>
> All four are up to date with current sigs.
>
> Why does ZAPro and not the others??
>
> Anyone care to elaborate please and thanks?
> Operating System: Windows XP Home
> Product Name: ZoneAlarm Pro
> Software Version: 6.5
>
> by RKnee
>
>
>
| 
XML site map